CN103763100A - Sum and product computing method for protecting data privacy security of arbitrary user group - Google Patents
- Publication number: CN103763100A
- Application number: CN201310522898.4A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to a sum and product computing method for protecting data privacy security of an arbitrary user group. The computing method comprises the following steps of system initialization, user private key generation, secret key generation, sum encryption, product encryption, sum decryption, and product decryption. To be specific, according to the system initialization, a security parameter is specified; and a corresponding integer group and a system public key are generated by the security parameter. According to the user private key generation, participants in the user group compute private keys independently and respectively, so that the product of the private keys is equal to one after modulus operation. According to the secret key generation, a sum secret key and a product secret key for encryption data are generated for the participants based on combination of the system public key and the user private keys. According to the sum encryption, during the sum computing, the participants utilize the obtained secret keys to carry out encryption on the sum computing and send obtained sum ciphertexts to other participants in the user group. According to the product encryption, during product computing, the participants utilize the obtained secret keys to carry out encryption on the product computing and send obtained product ciphertexts to other participants in the user group. According to the sum decryption, the participants in the user group combine the received ciphertexts to obtain a final sum. And according to the product decryption, the participants in the user group combine received ciphertexts to obtain a final product.
Description
Technical field
The present invention relates to the technical field of secure multi-party computation, and in particular to a sum and product computing method, based on a polynomial interpolation algorithm, for protecting the data privacy security of an arbitrary user group.
Background art
Secure computation of sums and products over arbitrary users has very wide application value. With the development of network technology, personal data is often used to compute statistics or in applications based on data mining. For example, power dispatching in a smart grid uses the electricity consumption information of each household; data mining in social networks involves personal information; services in crowdsourcing (Crowd Sourcing) applications are provided on the basis of personal information supplied by public users. However, user data is sensitive and users are unwilling to disclose their own data, so the computation an application needs must be completed without exposing individual data. The computation needed in most such applications can be realized with multiple sum and product computations (for example: linear regression analysis, support vector classification, variance computation, mean computation, etc.), and the variables of the sum and product come from participants who do not trust one another, i.e. each party is unwilling to disclose its own private data.
In response to market demand, a large body of research in applied cryptography has proposed solutions for multi-party polynomial computation. These methods often focus on theoretical privacy protection and do not consider the environment of practical application scenarios, so they lack practicality. In practical application scenarios, the user group taking part in a computation often changes dynamically, so the user groups cannot be fixed in advance; the users taking part may number in the thousands, while the computing power and storage capacity of an individual computing platform are limited, so the computation and communication complexity cannot be too large; many applications place high requirements on the result of the computation, so an approximation cannot replace the final result; a trusted third party or trusted center is hard to come by in practical application scenarios, so the computation cannot rely on one. Once these environmental factors are taken into account, most prior-art methods (for example secure multi-party computation, homomorphic encryption algorithms and other research results in the same field) cannot be applied in real life. In particular, among algorithms that must produce the correct result in an environment without trusted channels, the related techniques to date all require a set of keys to be generated for every combination of users, so that each user must store 2^n keys and the space complexity is too high. A practical method is therefore needed to securely compute the sum and product of data provided by multiple users.
Summary of the invention
(1) Technical problem to be solved
The object of the present invention is to provide a flexible, fast and secure sum and product computing method for protecting the data privacy security of an arbitrary user group, so that any combination of participants can jointly compute the sum and product of their private data quickly and securely, with suitable space complexity.
(2) Technical solution
The technical solution of the present invention is as follows:
A sum and product computing method, based on a polynomial interpolation algorithm, for protecting the data privacy security of an arbitrary user group, comprising the steps:
S1. System initialization: specify a security parameter κ, and generate the corresponding integer group and system public key according to the security parameter κ;
S2. User private key generation: the participants in the user group each compute a private key independently, such that the product of these private keys is equal to one after the modulo operation;
S3. Key generation: combining the system public key and the user private keys, generate for the participants a sum key and a product key for encrypting data;
S4. Sum encryption: during sum computation, a participant uses the obtained key to encrypt for the sum computation and sends the resulting sum ciphertext to the other participants in the user group;
S5. Product encryption: during product computation, a participant uses the obtained key to encrypt for the product computation and sends the resulting product ciphertext to the other participants in the user group;
S6. Sum decryption: the participants in the user group combine the received ciphertexts to obtain the final sum;
S7. Product decryption: the participants in the user group combine the received ciphertexts to obtain the final product.
Preferably, step S1 comprises:
S11. After the security parameter κ is specified, generate a prime p of length κ;
S13. Publish the system public key <p, g, g_1>.
Preferably, step S2 comprises:
S22. Participant i will
send to participant i-1 and participant i+1;
And,
Preferably, the number of all participants is n, and in step S22:
When i=1, participant i-1 is participant n;
When i=n, participant i+1 is participant 1.
Preferably, step S3 comprises:
S31. Participant i independently and randomly chooses the following random numbers as its own secret parameters:
…
Where n_min is the minimum number of participants required to take part in a sum or product computation;
S32. Participant i and any other participant j jointly take part in the following key algorithm:
Participant j locally computes its own secret polynomial:
Computes the public parameter:
Participant j sends the computed public parameter to participant i;
S33. Participant i locally computes the following parameter:
And computes the following polynomial:
Where the notation in the formula above
denotes the integer quotient obtained by dividing a by b, then reduced modulo p, rather than a multiplied by the inverse of b in the integer field
. In the formula
a represents
the numerator "
", and b represents
the denominator "p (p-1) p".
S35. For all k = n_min, ..., n, repeat steps S32-S34; participant i obtains the encryption key
Preferably, the minimum value of n_min is 3.
Preferably, step S4 comprises:
And sends it to all participants in the set
formed by all the participants.
Preferably, step S5 comprises:
Preferably, step S6 comprises:
All participants compute, from the sum ciphertexts received from the other participants:
Preferably, step S7 comprises:
All participants compute, from the product ciphertexts received from the other participants:
(3) Beneficial effects
The sum and product computing method for protecting the data privacy security of an arbitrary user group provided by the embodiment of the present invention gives a way to compute the sum and product of the data of an arbitrary user group, allowing any combination of participants to securely compute the sum and product of their private data. All data is encrypted with encryption keys, which guarantees the privacy of the data. Key generation does not need a secure communication channel and is robust against eavesdropping attacks. In addition, the method of the present invention does not rely on a trusted third party and uses fully decentralized distributed computation. Finally, the method of the present invention uses simple encryption, its computation and communication costs are very small, and it can be implemented on platforms with limited computing resources.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the sum and product computing method for protecting the data privacy security of an arbitrary user group in an embodiment of the present invention.
Detailed description of the embodiments
The specific embodiments of the present invention are further described below with reference to the drawings and embodiments. The following embodiments only illustrate the present invention and are not intended to limit its scope.
As shown in Fig. 1, the sum and product computing method, based on a polynomial interpolation algorithm, for protecting the data privacy security of an arbitrary user group provided in this embodiment mainly comprises the steps:
S1. System initialization: specify a security parameter κ, and generate the corresponding integer group and system public key according to the security parameter κ;
S2. User private key generation: the participants in the user group each compute a private key independently, such that the product of these private keys is equal to one after the modulo operation;
S3. Key generation: combining the system public key and the user private keys, generate for the participants a sum key and a product key for encrypting data; the sum key is used for sum encryption and the product key for product encryption;
S4. Sum encryption: during sum computation, a participant uses the obtained key to encrypt for the sum computation and sends the resulting sum ciphertext to the other participants in the user group;
S5. Product encryption: during product computation, a participant uses the obtained key to encrypt for the product computation and sends the resulting product ciphertext to the other participants in the user group;
S6. Sum decryption: the participants in the user group combine the received ciphertexts to obtain the final sum;
S7. Product decryption: the participants in the user group combine the received ciphertexts to obtain the final product.
By way of example, this embodiment also provides a specific implementation of each step of the above sum and product computing method for protecting the data privacy security of an arbitrary user group; by exploiting the properties of the polynomial interpolation algorithm, any combination of users can quickly and securely complete the following sum and product computations:
Where x_i is the private data provided by participant i,
is the set formed by all participants taking part in the computation; only participants belonging to the set
can obtain the result of the computation, and apart from participant i nobody can obtain any information about the private data x_i.
In this embodiment, step S1 further comprises:
S11. After the security parameter κ is specified, generate a prime p of length κ;
S13. Publish the system public key <p, g, g_1>.
In this embodiment, this step is based on the discrete logarithm; specifically, this step further comprises:
S21. Any participant i in the user group, in
independently and randomly chooses a random number
The number of all participants is n, and in this step:
When i=1, participant i-1 is participant n;
When i=n, participant i+1 is participant 1.
Because the discrete logarithm is hard to solve in a large integer field, even though all communication channels are public, only participant i can compute
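The formulas for step S2 did not survive on this page, so the following Python sketch is an added example and not the patent's own construction: it assumes one known way to obtain private keys whose product is 1 modulo p (each participant raises the quotient of its two ring neighbours' published values to its own secret exponent) and then uses those keys as multiplicative masks for a simplified whole-group product. The function names, the demo prime 2^127 - 1, the base 3 and the masking formula are assumptions; the arbitrary-subset keys of step S3 are not modelled.

```python
import secrets

# Demo parameters, constructed for this example and far too small for real use.
# P = 2^127 - 1 is a Mersenne prime; G is an assumed public base.
P = 2**127 - 1
G = 3


def publish_shares(n, p=P, g=G):
    """Each participant i draws a secret exponent r_i and publishes y_i = g^r_i mod p."""
    secret_r = [secrets.randbelow(p - 2) + 1 for _ in range(n)]
    public_y = [pow(g, r, p) for r in secret_r]
    return secret_r, public_y


def private_key(i, r_i, public_y, p=P):
    """Assumed construction: R_i = (y_{i+1} / y_{i-1})^{r_i} mod p.

    Indices wrap around the ring, matching the page's rule that participant 1's
    predecessor is participant n and participant n's successor is participant 1
    (0-based here). Computing R_i from public values alone needs r_i, which is
    protected by the hardness of the discrete logarithm.
    """
    n = len(public_y)
    ratio = public_y[(i + 1) % n] * pow(public_y[(i - 1) % n], -1, p) % p
    return pow(ratio, r_i, p)


def generate_keys(n, p=P, g=G):
    """Run the exchange for all n participants and return their private keys."""
    secret_r, public_y = publish_shares(n, p, g)
    return [private_key(i, secret_r[i], public_y, p) for i in range(n)]


def product_mod(values, p=P):
    """Product of values modulo p."""
    acc = 1
    for v in values:
        acc = acc * v % p
    return acc


def encrypt_for_product(x_i, key_i, p=P):
    """Simplified product ciphertext: the private value masked by the private key."""
    return x_i * key_i % p


def combine_product(ciphertexts, p=P):
    """Multiply all ciphertexts. The exponents r_i*r_{i+1} - r_i*r_{i-1} sum to
    zero around the ring, so the masks cancel and the product of the x_i remains
    (correct as long as the true product is smaller than p)."""
    return product_mod(ciphertexts, p)


if __name__ == "__main__":
    data = [2, 3, 5, 7, 11]                      # constructed private inputs
    keys = generate_keys(len(data))
    print("product of private keys mod p:", product_mod(keys))
    cts = [encrypt_for_product(x, k) for x, k in zip(data, keys)]
    print("recovered product:", combine_product(cts))
    # With two participants both ring neighbours are the same party, so every
    # key degenerates to 1 and nothing is masked.
    print("keys for n=2:", generate_keys(2))
```

Under this assumed construction a two-party ring yields keys equal to 1, which is consistent with the page's requirement that n_min be at least 3.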
In this embodiment, step S3 further comprises:
S31. Participant i independently and randomly chooses the following (k-1)(n-n_min) random numbers as its own secret parameters:
…
Where n_min is the minimum number of participants required to take part in a sum or product computation. Preferably, the minimum requirement for n_min is 3; if the total number of participants is less than 3, a participant taking part in the computation may be able to guess the other participants' data. Depending on the actual needs of the application, different systems can set different minimum numbers (for example, in data mining or crowdsourcing applications, a certain sample size may need to be guaranteed in order to obtain a more general result).
S32. Participant i and any other participant j jointly take part in the following key algorithm:
Participant j locally computes its own secret polynomial:
Computes the public parameter:
Participant j sends the computed public parameter to participant i;
S33. Participant i locally computes the following parameter:
And computes the following polynomial:
S35. For all k = n_min, ..., n, repeat steps S32-S34;
S36. Output the encryption key obtained by participant i:
In this embodiment, step S4 further comprises:
When performing the sum computation
, all participants compute the sum ciphertext of x_i:
In this embodiment, step S5 further comprises:
When performing the sum computation
, all participants compute the product ciphertext of x_i:
In this embodiment, step S6 further comprises:
All participants compute, from the sum ciphertexts received from the other participants:
In this embodiment, step S7 further comprises:
All participants compute, from the product ciphertexts received from the other participants:
The sum and product computing method for protecting the data privacy security of an arbitrary user group provided in this embodiment starts from an environment with no center, no TTP and no trusted channel, and gives mutually distrusting users efficient, flexible and privacy-protecting sum and product computations. Steps S2 and S3 generate the keys of all users in the system; steps S4 and S6 provide the method for computing the sum of the data of an arbitrary user group, and steps S5 and S7 provide the method for computing the product of the data of an arbitrary user group. The method allows any subset of the n participants to compute the sum and product of their data, while nobody other than the data owner obtains other information about the personal data. Sum encryption involves one multiplication and one addition, and product encryption involves two multiplications and one exponentiation, so the computational cost of encryption is very low. Sum decryption needs
additions, and product decryption needs
multiplications, so the computational cost is also very low. Each user only needs to store n keys, giving linear space complexity.
The above embodiments only illustrate the present invention and do not limit it; a person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention, so all equivalent technical solutions also fall within the scope of protection of the present invention.
Claims (10)
- A sum and product computing method, based on a polynomial interpolation algorithm, for protecting the data privacy security of an arbitrary user group, characterized by comprising the steps:
  S1. System initialization: specify a security parameter κ, and generate the corresponding integer group and system public key according to the security parameter κ;
  S2. User private key generation: the participants in the user group each compute a private key independently, such that the product of these private keys is equal to one after the modulo operation;
  S3. Key generation: combining the system public key and the user private keys, generate for the participants a sum key and a product key for encrypting data;
  S4. Sum encryption: during sum computation, a participant uses the obtained key to encrypt for the sum computation and sends the resulting sum ciphertext to the other participants in the user group;
  S5. Product encryption: during product computation, a participant uses the obtained key to encrypt for the product computation and sends the resulting product ciphertext to the other participants in the user group;
  S6. Sum decryption: the participants in the user group combine the received ciphertexts to obtain the final sum;
  S7. Product decryption: the participants in the user group combine the received ciphertexts to obtain the final product.
- The sum and product computing method according to claim 1, characterized in that step S1 comprises:
  S11. After the security parameter κ is specified, generate a prime p of length κ;
  S13. Publish the system public key <p, g, g_1>.
- The sum and product computing method according to claim 2, characterized in that step S2 comprises:
  S21. Any participant i in the user group independently and randomly chooses
  S22. Participant i will send to participant i-1 and participant i+1;
- The sum and product computing method according to claim 3, characterized in that the number of all participants is n, and in step S22:
  When i=1, participant i-1 is participant n;
  When i=n, participant i+1 is participant 1.
- The sum and product computing method according to claim 3 or 4, characterized in that step S3 comprises:
  S31. Participant i independently and randomly chooses the following random numbers as its own secret parameters: …
  Where n_min is the minimum number of participants required to take part in a sum or product computation;
  S32. Participant i and any other participant j jointly take part in the following key algorithm:
  Participant j locally computes its own secret polynomial:
  Computes the public parameter:
  Participant j sends the computed public parameter to participant i;
  S33. Participant i locally computes the following parameter:
  And computes the following polynomial:
  S35. For all k = n_min, ..., n, repeat steps S32-S34; participant i obtains the encryption key
- The sum and product computing method according to claim 5, characterized in that the minimum value of n_min is 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310522898.4A CN103763100B (en) | 2013-10-29 | 2013-10-29 | Sum and product computing method for protecting data privacy security of arbitrary user group |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103763100A true CN103763100A (en) | 2014-04-30 |
CN103763100B CN103763100B (en) | 2017-11-17 |
Family
ID=50530265
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310522898.4A Active CN103763100B (en) | 2013-10-29 | 2013-10-29 | Sum and product computing method for protecting data privacy security of arbitrary user group |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103763100B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||